First, Yo. Doesn’t even need to be a good password.

Second, what you are describing is something very different. Outside of very rare situations (most of which theoretical or specifically targeting a specific system by a state level actor), to be able to “boot the bios and disable it” would generally mean the machine is already VERY compromised or the bad actor has physical access to the machine.

A good way of thinking of it is that secure boot isn’t the lock on the door. It is the peephole that you look through to make sure that the person with your pizzas is from Georgio’s AND you actually ordered pizza. Rather than just opening the door because “Yo, free food”.

On its own? It doesn’t do much. But it goes a LONG way towards improving security when combined with other tools/practices.